Thread: Passwords
Added to TODO:

	* Encrypt passwords in pg_shadow table using MD5

-- 
  Bruce Momjian                        |  http://www.op.net/~candle
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

On Sat, 6 May 2000, Bruce Momjian wrote:

> Added to TODO:
>
> 	* Encrypt passwords in pg_shadow table using MD5

Under FreeBSD, if you use crypt() for encrypting, and you are outside of
the 'export restricted area', you auto-get MD5 vs DES ... I think if DES
is available, it should be used over MD5, if we're doing this for security
reasons ...

My *understanding* is that MD5 is a half-way measure that is easier to
break than DES, which is why it isn't under the export restrictions ...

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

On Sat, 6 May 2000, The Hermit Hacker wrote:

> My *understanding* is that MD5 is a half-way measure that is easier to
> break than DES, which is why it isn't under the export restrictions ...

There are a few misconceptions here:

1. DES is legal to export since March of this year, when USG relaxed
   controls on crypto. Any software that is off-the-shelf or 'free as in
   speech' is allowed to have DES code. Only requirement is that a copy of
   software or a link to URL which contains software must be provided to
   BXA office.

2. MD5 was allowed to be exported because it is not an encryption
   algorithm, and cannot be used as such. It is inherently one-way,
   therefore the terrorists won't have any use for it. Or something like
   that ;)

-alex

on 5/6/00 9:54 PM, The Hermit Hacker at scrappy@hub.org wrote:

> My *understanding* is that MD5 is a half-way measure that is easier to
> break than DES, which is why it isn't under the export restrictions ...

No, MD5 only provides hashing. You can never "unhash" something, so you can
never use MD5 as a real encryption function (which would need to be
reversible if you ever want to decrypt your message). Thus, since MD5 does
not allow you to encrypt data, it doesn't fall under any export
restrictions. It is *very* hard, and most probably impossible to find
collisions in the MD5 hashing function (which would allow you to break the
password scheme based on it).

With a DES-based crypt command, you can actually reverse the process. Take
your "crypted" password, and decrypt it using DES and the cleartext password
as the key. You'll manage to get back to the original block of "0"s that you
started with. That's why DES is export-controlled...

-Ben

The Hermit Hacker writes:

> My *understanding* is that MD5 is a half-way measure that is easier to
> break than DES, which is why it isn't under the export restrictions ...

If you don't feel secure about MD5 you can always use SHA1. In fact you
might want to look at the mhash package which has a bunch of hashing
functions with a decent interface and it's under a BSD'ish license. At
least you can steal the implementation from there.

-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

On Sun, 07 May 2000, Peter Eisentraut wrote:

> If you don't feel secure about MD5 you can always use SHA1. In fact you

I've read that SHA1 (Secure Hash Algorithm) is preferred over MD5 for new
applications. MD5 should be used only if you need to maintain support for
applications which are already using it. SHA1 is 160 bits while MD5 is 128
bits of output.

-- 
Robert B. Easter
reaster@comptechnews.com